What is Cross Site Scripting (XSS)?


Say you have a comments section on your site and user A enters the following comment: I think it’s an outrage that more isn’t being done to stop the proliferation of widgets in our country. When you show that comment on your comments page it looks innocuous enough. But when user B views that comments page, the JavaScript code embedded in the comment will harvest user B’s cookie for your site. Since cookies are often used to store login state, user A can potentially use that cookie to hijack the identity of person B on your site. A creative hacker could even try to use more sophisticated JavaScript to try to capture other users’ passwords as they type them into forms. The easiest and most draconian way to avoid this problem is to use a regex to remove any HTML from user comments. If you want to allow som
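The regex stripping mentioned in the answer above, next to HTML output escaping for comparison, as an added example that is not part of the original answer. The function names, the sample comment and the choice to show escaping are assumptions made for illustration.

```javascript
// Added example. All names and the sample comment are constructed.

// The approach the answer names: remove anything that looks like a tag.
function stripTags(input) {
  let out = String(input);
  let prev;
  // Repeat until stable so removing one tag cannot splice another together.
  do {
    prev = out;
    // Also removes an unterminated "<..." run up to the end of the string.
    out = out.replace(/<[^>]*>?/g, "");
  } while (out !== prev);
  return out;
}

// Alternative (assumption, not from the answer): keep the text but encode
// the characters that are significant in HTML so the browser shows them
// as text instead of parsing them as markup.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build one comment row for the page; every user-supplied value is escaped
// at the point where it is placed into HTML.
function renderComment(author, text) {
  return `<li class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</li>`;
}

// Constructed sample: a comment with an embedded script element (body is an
// inert placeholder) followed by ordinary text containing "<".
const sampleComment =
  "It's an outrage.<script>/* injected code placeholder */</script> Also 1 < 2.";

// Stripping removes the tags but also eats the legitimate "< 2." text.
console.log(stripTags(sampleComment));
// Escaping keeps every character and renders the markup as visible text.
console.log(renderComment("user A", sampleComment));
```

Stripping is lossy for ordinary text that contains `<`, while escaping preserves the comment exactly and leaves the browser nothing to execute.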
